From b3ab46f4274ae34c71c49793e8f20f366894e26c Mon Sep 17 00:00:00 2001 From: felmer <felmer> Date: Tue, 11 Sep 2012 07:03:09 +0000 Subject: [PATCH] BIS-142 Moving authorization annotations from IScreeningServer and IScreeningApiServer to ScreeningServer. Introducing system test ScreeningServerAuthorizationTest. Moving ServerInterfaceRegressionTest from shared to server package. SVN: 26577 --- .../screening/server/ScreeningServer.java | 194 ++++++++++++++---- .../screening/shared/IScreeningServer.java | 58 +----- .../shared/api/v1/IScreeningApiServer.java | 107 +++------- .../ServerInterfaceRegressionTest.java | 13 +- .../ScreeningServerAuthorizationTest.java | 127 ++++++++++++ 5 files changed, 315 insertions(+), 184 deletions(-) rename screening/sourceTest/java/ch/systemsx/cisd/openbis/plugin/screening/{shared => server}/ServerInterfaceRegressionTest.java (61%) create mode 100644 screening/sourceTest/java/ch/systemsx/cisd/openbis/screening/systemtests/ScreeningServerAuthorizationTest.java diff --git a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/server/ScreeningServer.java b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/server/ScreeningServer.java index a0c0930608c..4431aef8267 100644 --- a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/server/ScreeningServer.java +++ b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/server/ScreeningServer.java @@ -32,7 +32,6 @@ import org.springframework.stereotype.Component; import ch.rinn.restrictions.Private; import ch.systemsx.cisd.authentication.ISessionManager; import ch.systemsx.cisd.common.exceptions.UserFailureException; -import ch.systemsx.cisd.common.spring.ExposablePropertyPlaceholderConfigurer; import ch.systemsx.cisd.common.spring.IInvocationLoggerContext; import ch.systemsx.cisd.openbis.generic.server.AbstractServer; import ch.systemsx.cisd.openbis.generic.server.business.IPropertiesBatchManager; 
@@ -44,6 +43,15 @@ import ch.systemsx.cisd.openbis.generic.server.plugin.IDataSetTypeSlaveServerPlu
 import ch.systemsx.cisd.openbis.generic.server.plugin.ISampleTypeSlaveServerPlugin;
 import ch.systemsx.cisd.openbis.generic.shared.ICommonServer;
 import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.Sample;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.Capability;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractTechIdPredicate.DataSetTechIdPredicate;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractTechIdPredicate.ExperimentTechIdPredicate;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodeCollectionPredicate;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodePredicate;
+import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.SampleTechIdPredicate;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.BasicProjectIdentifier;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.CodeAndLabel;
@@ -54,6 +62,7 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.MaterialType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewMaterial;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSamplesWithTypes;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Project;
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleParentWithDerived;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Vocabulary;
 import ch.systemsx.cisd.openbis.generic.shared.dto.SamplePE;
@@ -78,6 +87,13 @@ import ch.systemsx.cisd.openbis.plugin.screening.server.logic.ScreeningUtils;
 import ch.systemsx.cisd.openbis.plugin.screening.server.logic.WellContentLoader;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.IScreeningServer;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.ResourceNames;
+import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.ExperimentIdentifierPredicate;
+import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.PlateIdentifierPredicate;
+import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.PlateWellReferenceWithDatasetsValidator;
+import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.ScreeningExperimentValidator;
+import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.ScreeningPlateListReadOnlyPredicate;
+import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.ScreeningPlateValidator;
+import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.WellIdentifierPredicate;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.IScreeningApiServer;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.ExperimentIdentifier;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.ExperimentImageMetadata;
@@ -92,6 +108,12 @@ import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.PlateMetadata import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.PlateWellMaterialMapping; import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.PlateWellReferenceWithDatasets; import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.WellIdentifier; +import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.DatasetReferencePredicate; +import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.ExperimentSearchCriteriaPredicate; +import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.MaterialExperimentFeatureVectorSummaryValidator; +import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.MaterialFeaturesOneExpPredicate; +import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.WellContentValidator; +import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.WellSearchCriteriaPredicate; import ch.systemsx.cisd.openbis.plugin.screening.shared.basic.dto.AnalysisProcedures; import ch.systemsx.cisd.openbis.plugin.screening.shared.basic.dto.DatasetReference; import ch.systemsx.cisd.openbis.plugin.screening.shared.basic.dto.ExperimentFeatureVectorSummary; @@ -133,9 +155,6 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl */ public static final int MINOR_VERSION = 9; - @Resource(name = ExposablePropertyPlaceholderConfigurer.PROPERTY_CONFIGURER_BEAN_NAME) - private ExposablePropertyPlaceholderConfigurer configurer; - @Resource(name = ResourceNames.SCREENING_BUSINESS_OBJECT_FACTORY) private IScreeningBusinessObjectFactory businessObjectFactory; 
@@ -194,8 +213,10 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl // @Override - public final SampleParentWithDerived getSampleInfo(final String sessionToken, - final TechId sampleId) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public SampleParentWithDerived getSampleInfo(final String sessionToken, + @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) + final TechId sampleId) throws UserFailureException { final Session session = getSession(sessionToken); final ISampleBO sampleBO = businessObjectFactory.createSampleBO(session); @@ -206,14 +227,19 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public PlateContent getPlateContent(String sessionToken, TechId plateId) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public PlateContent getPlateContent(String sessionToken, + @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) + TechId plateId) { Session session = getSession(sessionToken); return PlateContentLoader.loadImagesAndMetadata(session, businessObjectFactory, plateId); } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public FeatureVectorDataset getFeatureVectorDataset(String sessionToken, + @AuthorizationGuard(guardClass = DatasetReferencePredicate.class) DatasetReference dataset, CodeAndLabel featureName) { Session session = getSession(sessionToken); @@ -222,7 +248,10 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public PlateImages getPlateContentForDataset(String sessionToken, TechId datasetId) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public PlateImages getPlateContentForDataset(String sessionToken, + @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) + TechId datasetId) { Session session = getSession(sessionToken); return PlateContentLoader.loadImagesAndMetadataForDataset(session, businessObjectFactory, 
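Review bot: With `@RolesAllowed` and `@AuthorizationGuard` now declared on `ScreeningServer.getSampleInfo` (and on the methods in the following hunks) rather than on the interface, nothing in the class states that a public method left without `@RolesAllowed` is a method without an access rule. Whether the authorization interceptor rejects or admits such a method is not visible on this page, so I would put the rule next to the class Javadoc, e.g. `// Every method exposed through IScreeningServer / IScreeningApiServer must carry @RolesAllowed here; the interfaces no longer declare it.` The diffstat lists ScreeningServerAuthorizationTest and ServerInterfaceRegressionTest, but their contents are outside this view, so it is worth confirming that one of them fails when an annotation is missing. The body of getSampleInfo continues past the end of the hunk.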
@@ -230,7 +259,11 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public List<WellContent> listPlateWells(String sessionToken, WellSearchCriteria materialCriteria) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + @ReturnValueFilter(validatorClass = WellContentValidator.class) + public List<WellContent> listPlateWells(String sessionToken, + @AuthorizationGuard(guardClass = WellSearchCriteriaPredicate.class) + WellSearchCriteria materialCriteria) { Session session = getSession(sessionToken); return WellContentLoader.load(session, businessObjectFactory, getDAOFactory(), @@ -238,7 +271,9 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public List<WellReplicaImage> listWellImages(String sessionToken, TechId materialId, + @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId) { Session session = getSession(sessionToken); @@ -247,7 +282,10 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public List<Material> listMaterials(String sessionToken, WellSearchCriteria materialCriteria) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<Material> listMaterials(String sessionToken, + @AuthorizationGuard(guardClass = WellSearchCriteriaPredicate.class) + WellSearchCriteria materialCriteria) { Session session = getSession(sessionToken); return WellContentLoader.loadMaterials(session, businessObjectFactory, getDAOFactory(), 
@@ -255,8 +293,10 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public FeatureVectorValues getWellFeatureVectorValues(String sessionToken, String datasetCode, - String datastoreCode, WellLocation wellLocation) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public FeatureVectorValues getWellFeatureVectorValues(String sessionToken, + @AuthorizationGuard(guardClass = DataSetCodePredicate.class) + String datasetCode, String datastoreCode, WellLocation wellLocation) { getSession(sessionToken); return FeatureVectorValuesLoader.loadFeatureVectorValues(businessObjectFactory, @@ -264,8 +304,10 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public LogicalImageInfo getImageDatasetInfo(String sessionToken, String datasetCode, - String datastoreCode, WellLocation wellLocationOrNull) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public LogicalImageInfo getImageDatasetInfo(String sessionToken, + @AuthorizationGuard(guardClass = DataSetCodePredicate.class) + String datasetCode, String datastoreCode, WellLocation wellLocationOrNull) { Session session = getSession(sessionToken); return LogicalImageLoader.loadLogicalImageInfo(session, businessObjectFactory, datasetCode, @@ -273,7 +315,9 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public ImageDatasetEnrichedReference getImageDatasetReference(String sessionToken, + @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String datasetCode, String datastoreCode) { Session session = getSession(sessionToken); 
@@ -282,7 +326,9 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public List<ImageResolution> getImageDatasetResolutions(String sessionToken, + @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String datasetCode, String datastoreCode) { checkSession(sessionToken); @@ -292,8 +338,10 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public ImageSampleContent getImageDatasetInfosForSample(String sessionToken, TechId sampleId, - WellLocation wellLocationOrNull) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public ImageSampleContent getImageDatasetInfosForSample(String sessionToken, + @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) + TechId sampleId, WellLocation wellLocationOrNull) { Session session = getSession(sessionToken); return PlateContentLoader.getImageDatasetInfosForSample(session, businessObjectFactory, @@ -301,18 +349,23 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public ExternalData getDataSetInfo(String sessionToken, TechId datasetId) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public ExternalData getDataSetInfo(String sessionToken, + @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) + TechId datasetId) { return commonServer.getDataSetInfo(sessionToken, datasetId); } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public Material getMaterialInfo(String sessionToken, TechId materialId) { return commonServer.getMaterialInfo(sessionToken, materialId); } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public Vocabulary getVocabulary(String sessionToken, String code) throws UserFailureException { checkSession(sessionToken); 
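Review bot: In the hunk at -301,18, `getMaterialInfo` gets `@RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)` but neither an `@AuthorizationGuard` on `materialId` nor a `@ReturnValueFilter`, while `getDataSetInfo` directly above it guards its `TechId`; `getVocabulary` is in the same position. If that is deliberate because these entities are not scoped to a space (not shown on this page), a one-line comment would keep the next reader from treating it as an omission, e.g. `// no guard: materials are not space-scoped, role check only`. Both `getDataSetInfo` and `getMaterialInfo` forward the session token to `commonServer`, so whatever that server enforces still applies on top. The body of getVocabulary runs past the end of the hunk.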
@@ -322,6 +375,8 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN) + @Capability("WRITE_EXPERIMENT_SAMPLE_MATERIAL") public void registerLibrary(String sessionToken, String userEmail, List<NewMaterial> newGenesOrNull, List<NewMaterial> newOligosOrNull, List<NewSamplesWithTypes> newSamplesWithType) @@ -331,8 +386,10 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public List<Material> listExperimentMaterials(String sessionToken, TechId experimentId, - MaterialType materialType) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<Material> listExperimentMaterials(String sessionToken, + @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) + TechId experimentId, MaterialType materialType) { // TODO 2010-09-01, Piotr Buczek: move it to some BO when we have more queries like that IScreeningQuery dao = createDAO(getDAOFactory()); @@ -348,7 +405,9 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public ExperimentFeatureVectorSummary getExperimentFeatureVectorSummary(String sessionToken, + @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId, AnalysisProcedureCriteria analysisProcedureCriteria) { Session session = getSession(sessionToken); @@ -362,6 +421,8 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + @ReturnValueFilter(validatorClass = MaterialExperimentFeatureVectorSummaryValidator.class) public List<MaterialSimpleFeatureVectorSummary> getMaterialFeatureVectorsFromAllExperiments( String sessionToken, MaterialFeaturesManyExpCriteria criteria) { 
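Review bot: `registerLibrary` is gated by `@RolesAllowed(RoleWithHierarchy.SPACE_ADMIN)` and `@Capability("WRITE_EXPERIMENT_SAMPLE_MATERIAL")`, but none of its parameters carries an `@AuthorizationGuard`, so the role check is not tied to the spaces named inside `newSamplesWithType`. Unless the registration code it calls (outside this hunk) authorizes the target space of each new sample, holding the admin role for one space is enough to pass this check for samples addressed to a different space. Either guard `newSamplesWithType` with a predicate that checks each sample's space, or document where that check happens, e.g. `// space of each new sample is authorized downstream in <callee>`. The method body is outside the hunk.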
@@ -409,7 +470,9 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public MaterialReplicaFeatureSummaryResult getMaterialFeatureVectorSummary(String sessionToken, + @AuthorizationGuard(guardClass = MaterialFeaturesOneExpPredicate.class) MaterialFeaturesOneExpCriteria criteria) { Session session = getSession(sessionToken); 
@@ -422,36 +485,50 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl // --------- IScreeningOpenbisServer - method signature should be changed with care @Override - public List<FeatureVectorDatasetReference> listFeatureVectorDatasets(String sessionToken, - List<? extends PlateIdentifier> plates) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<FeatureVectorDatasetReference> listFeatureVectorDatasets( + String sessionToken, + @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates) + throws IllegalArgumentException { return createScreeningApiImpl(sessionToken).listFeatureVectorDatasets(plates); } @Override - public List<ImageDatasetReference> listImageDatasets(String sessionToken, - List<? extends PlateIdentifier> plates) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<ImageDatasetReference> listImageDatasets( + String sessionToken, + @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates) + throws IllegalArgumentException { return createScreeningApiImpl(sessionToken).listImageDatasets(plates); } @Override - public List<ImageDatasetReference> listRawImageDatasets(String sessionToken, - List<? extends PlateIdentifier> plates) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<ImageDatasetReference> listRawImageDatasets( + String sessionToken, + @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates) + throws IllegalArgumentException { return createScreeningApiImpl(sessionToken).listRawImageDatasets(plates); } @Override - public List<ImageDatasetReference> listSegmentationImageDatasets(String sessionToken, - List<? 
extends PlateIdentifier> plates) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<ImageDatasetReference> listSegmentationImageDatasets( + String sessionToken, + @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates) + throws IllegalArgumentException { return createScreeningApiImpl(sessionToken).listSegmentationImageDatasets(plates); } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public List<PlateWellReferenceWithDatasets> listPlateWells( String sessionToken, + @AuthorizationGuard(guardClass = ExperimentIdentifierPredicate.class) ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.ExperimentIdentifier experimentIdentifer, MaterialIdentifier materialIdentifier, boolean findDatasets) { @@ -460,6 +537,8 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + @ReturnValueFilter(validatorClass = PlateWellReferenceWithDatasetsValidator.class) public List<PlateWellReferenceWithDatasets> listPlateWells(String sessionToken, MaterialIdentifier materialIdentifier, boolean findDatasets) { 
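Review bot: In `listFeatureVectorDatasets`, `listImageDatasets`, `listRawImageDatasets` and `listSegmentationImageDatasets` the guard annotation and the parameter share one line (`@AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates`), whereas the earlier hunks of this file put the annotation on its own line above the parameter. For authorization metadata the one-per-line form is easier to audit and to diff, so I would use it here as well; the same layout recurs in the hunks at -468,58, -542,8 and -594,15. The added `throws IllegalArgumentException` declares an unchecked exception without saying when it is raised, so either drop it or add a Javadoc `@throws IllegalArgumentException` line stating the condition.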
@@ -468,58 +547,78 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public List<WellIdentifier> listPlateWells(String sessionToken, PlateIdentifier plateIdentifier) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<WellIdentifier> listPlateWells( + String sessionToken, + @AuthorizationGuard(guardClass = PlateIdentifierPredicate.class) PlateIdentifier plateIdentifier) { return createScreeningApiImpl(sessionToken).listPlateWells(plateIdentifier); } @Override - public Sample getWellSample(String sessionToken, WellIdentifier wellIdentifier) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public Sample getWellSample( + String sessionToken, + @AuthorizationGuard(guardClass = WellIdentifierPredicate.class) WellIdentifier wellIdentifier) { return createScreeningApiImpl(sessionToken).getWellSample(wellIdentifier, true); } @Override - public Sample getPlateSample(String sessionToken, PlateIdentifier plateIdentifier) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public Sample getPlateSample( + String sessionToken, + @AuthorizationGuard(guardClass = PlateIdentifierPredicate.class) PlateIdentifier plateIdentifier) { return createScreeningApiImpl(sessionToken).getPlateSample(plateIdentifier); } @Override - public List<Plate> listPlates(String sessionToken) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + @ReturnValueFilter(validatorClass = ScreeningPlateValidator.class) + public List<Plate> listPlates(String sessionToken) throws IllegalArgumentException { return createScreeningApiImpl(sessionToken).listPlates(); } @Override - public List<Plate> listPlates(String sessionToken, ExperimentIdentifier experiment) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<Plate> listPlates( + String sessionToken, + @AuthorizationGuard(guardClass = ExperimentIdentifierPredicate.class) ExperimentIdentifier experiment) + throws IllegalArgumentException { return 
createScreeningApiImpl(sessionToken).listPlates(experiment); } @Override - public List<ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.ExperimentIdentifier> listExperiments( - String sessionToken) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + @ReturnValueFilter(validatorClass = ScreeningExperimentValidator.class) + public List<ExperimentIdentifier> listExperiments(String sessionToken) { return createScreeningApiImpl(sessionToken).listExperiments(); } @Override - public List<ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.ExperimentIdentifier> listExperiments( - String sessionToken, String userId) + @RolesAllowed(RoleWithHierarchy.INSTANCE_OBSERVER) + public List<ExperimentIdentifier> listExperiments(String sessionToken, String userId) { return createScreeningApiImpl(sessionToken).listExperiments(userId); } @Override - public List<IDatasetIdentifier> getDatasetIdentifiers(String sessionToken, - List<String> datasetCodes) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<IDatasetIdentifier> getDatasetIdentifiers( + String sessionToken, + @AuthorizationGuard(guardClass = DataSetCodeCollectionPredicate.class) List<String> datasetCodes) { return createScreeningApiImpl(sessionToken).getDatasetIdentifiers(datasetCodes); } @Override + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public AnalysisProcedures listNumericalDatasetsAnalysisProcedures(String sessionToken, + @AuthorizationGuard(guardClass = ExperimentSearchCriteriaPredicate.class) ExperimentSearchCriteria experimentSearchCriteria) { checkSession(sessionToken); 
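Review bot: `listExperiments(String sessionToken, String userId)` is the only method in this hunk that requires `RoleWithHierarchy.INSTANCE_OBSERVER`, and unlike the one-argument overload it has no `@ReturnValueFilter`, so its result is not filtered against the caller's own spaces. That is presumably intentional, since the list appears to be computed for `userId` rather than for the session user, but the reason is not written down. I would add a comment such as `// INSTANCE_OBSERVER: returns what userId can see, not what the caller can see, hence no ScreeningExperimentValidator filter`. It would also help to document what is returned when `userId` does not match a known user, which this hunk does not show.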
@@ -542,8 +641,10 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public List<PlateWellMaterialMapping> listPlateMaterialMapping(String sessionToken, - List<? extends PlateIdentifier> plates, + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<PlateWellMaterialMapping> listPlateMaterialMapping( + String sessionToken, + @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates, MaterialTypeIdentifier materialTypeIdentifierOrNull) { return createScreeningApiImpl(sessionToken).listPlateMaterialMapping(plates, @@ -594,15 +695,20 @@ public final class ScreeningServer extends AbstractServer<IScreeningServer> impl } @Override - public List<PlateMetadata> getPlateMetadataList(String sessionToken, - List<? extends PlateIdentifier> plateIdentifiers) throws IllegalArgumentException + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public List<PlateMetadata> getPlateMetadataList( + String sessionToken, + @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plateIdentifiers) + throws IllegalArgumentException { return createScreeningApiImpl(sessionToken).getPlateMetadata(plateIdentifiers); } @Override - public ExperimentImageMetadata getExperimentImageMetadata(String sessionToken, - ExperimentIdentifier experimentIdentifer) + @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) + public ExperimentImageMetadata getExperimentImageMetadata( + String sessionToken, + @AuthorizationGuard(guardClass = ExperimentIdentifierPredicate.class) ExperimentIdentifier experimentIdentifer) { checkSession(sessionToken); return createScreeningApiImpl(sessionToken).getExperimentImageMetadata(experimentIdentifer); 
diff --git a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/IScreeningServer.java b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/IScreeningServer.java index 5777ba93451..7981b423cca 100644 --- a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/IScreeningServer.java +++ b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/IScreeningServer.java @@ -22,14 +22,6 @@ import org.springframework.transaction.annotation.Transactional; import ch.systemsx.cisd.common.exceptions.UserFailureException; import ch.systemsx.cisd.openbis.generic.shared.IServer; -import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard; -import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.Capability; -import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter; -import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed; -import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractTechIdPredicate.DataSetTechIdPredicate; -import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractTechIdPredicate.ExperimentTechIdPredicate; -import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodePredicate; -import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.SampleTechIdPredicate; import ch.systemsx.cisd.openbis.generic.shared.basic.TechId; import ch.systemsx.cisd.openbis.generic.shared.basic.dto.CodeAndLabel; import ch.systemsx.cisd.openbis.generic.shared.basic.dto.ExternalData; 
@@ -37,16 +29,9 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Material;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.MaterialType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewMaterial;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSamplesWithTypes;
-import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Sample;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.SampleParentWithDerived;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Vocabulary;
-import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.DatasetReferencePredicate;
-import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.ExperimentSearchCriteriaPredicate;
-import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.MaterialExperimentFeatureVectorSummaryValidator;
-import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.MaterialFeaturesOneExpPredicate;
-import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.WellContentValidator;
-import ch.systemsx.cisd.openbis.plugin.screening.shared.authorization.WellSearchCriteriaPredicate;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.basic.dto.AnalysisProcedures;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.basic.dto.DatasetReference;
 import ch.systemsx.cisd.openbis.plugin.screening.shared.basic.dto.ExperimentFeatureVectorSummary;
@@ -81,18 +66,14 @@ public interface IScreeningServer extends IServer * image analysis only if one dataset with such a data exist. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public PlateContent getPlateContent(String sessionToken, - @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId plateId); /** * Loads feature vector of specified dataset with one feature specified by name. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public FeatureVectorDataset getFeatureVectorDataset(String sessionToken, - @AuthorizationGuard(guardClass = DatasetReferencePredicate.class) DatasetReference dataset, CodeAndLabel featureName); /** @@ -100,9 +81,7 @@ public interface IScreeningServer extends IServer */ // TODO can return null @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public FeatureVectorValues getWellFeatureVectorValues(String sessionToken, - @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String datasetCode, String datastoreCode, WellLocation wellLocation); /** @@ -110,9 +89,7 @@ public interface IScreeningServer extends IServer * specified dataset, which is supposed to contain images in BDS-HCS format. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public PlateImages getPlateContentForDataset(String sessionToken, - @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) TechId datasetId); /** @@ -120,10 +97,7 @@ public interface IScreeningServer extends IServer * image dataset and feature vectors. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) - @ReturnValueFilter(validatorClass = WellContentValidator.class) public List<WellContent> listPlateWells(String sessionToken, - @AuthorizationGuard(guardClass = WellSearchCriteriaPredicate.class) WellSearchCriteria materialCriteria); /** 
@@ -133,9 +107,7 @@ public interface IScreeningServer extends IServer * the whole well is ignored. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public List<WellReplicaImage> listWellImages(String sessionToken, TechId materialId, - @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId); /** @@ -144,9 +116,7 @@ public interface IScreeningServer extends IServer * specified experiment(s) will be returned. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public List<Material> listMaterials(String sessionToken, - @AuthorizationGuard(guardClass = WellSearchCriteriaPredicate.class) WellSearchCriteria materialCriteria); /** 
@@ -155,33 +125,23 @@ public interface IScreeningServer extends IServer * @param materialType */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public List<Material> listExperimentMaterials(String sessionToken, - @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId, MaterialType materialType); @Transactional - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public LogicalImageInfo getImageDatasetInfo(String sessionToken, - @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String datasetCode, String datastoreCode, WellLocation wellLocationOrNull); @Transactional - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public ImageDatasetEnrichedReference getImageDatasetReference(String sessionToken, - @AuthorizationGuard(guardClass = DataSetCodePredicate.class) String datasetCode, String datastoreCode); @Transactional - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) - List<ImageResolution> getImageDatasetResolutions(String sessionToken, - @AuthorizationGuard(guardClass = DataSetCodePredicate.class) + public List<ImageResolution> getImageDatasetResolutions(String sessionToken, String datasetCode, String datastoreCode); @Transactional - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public ImageSampleContent getImageDatasetInfosForSample(String sessionToken, - @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) TechId sampleId, WellLocation wellLocationOrNull); /** 
@@ -192,40 +152,32 @@ public interface IScreeningServer extends IServer * uniquely identified by given <var>sampleId</var> does not exist. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public SampleParentWithDerived getSampleInfo(final String sessionToken, - @AuthorizationGuard(guardClass = SampleTechIdPredicate.class) final TechId sampleId) throws UserFailureException; /** * For given {@link TechId} returns the corresponding {@link ExternalData}. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public ExternalData getDataSetInfo(String sessionToken, - @AuthorizationGuard(guardClass = DataSetTechIdPredicate.class) TechId datasetId); /** * For given {@link TechId} returns the corresponding {@link Material}. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public Material getMaterialInfo(String sessionToken, TechId materialId); /** * Returns vocabulary with given code. */ @Transactional - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public Vocabulary getVocabulary(String sessionToken, String code) throws UserFailureException; /** * Registers the contents of an uploaded library. */ @Transactional - @RolesAllowed(RoleWithHierarchy.SPACE_ADMIN) - @Capability("WRITE_EXPERIMENT_SAMPLE_MATERIAL") public void registerLibrary(String sessionToken, String userEmail, List<NewMaterial> newGenesOrNull, List<NewMaterial> newOligosOrNull, List<NewSamplesWithTypes> newSamplesWithType); @@ -235,9 +187,7 @@ public interface IScreeningServer extends IServer * materials. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public ExperimentFeatureVectorSummary getExperimentFeatureVectorSummary(String sessionToken, - @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class) TechId experimentId, AnalysisProcedureCriteria analysisProcedureCriteria); /** 
@@ -245,17 +195,13 @@ public interface IScreeningServer extends IServer * material. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public MaterialReplicaFeatureSummaryResult getMaterialFeatureVectorSummary(String sessionToken, - @AuthorizationGuard(guardClass = MaterialFeaturesOneExpPredicate.class) MaterialFeaturesOneExpCriteria criteria); /** * Returns feature vectors from all experiments for a specified material. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) - @ReturnValueFilter(validatorClass = MaterialExperimentFeatureVectorSummaryValidator.class) public List<MaterialSimpleFeatureVectorSummary> getMaterialFeatureVectorsFromAllExperiments( String sessionToken, MaterialFeaturesManyExpCriteria criteria); @@ -271,9 +217,7 @@ public interface IScreeningServer extends IServer * </p> */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) public AnalysisProcedures listNumericalDatasetsAnalysisProcedures(String sessionToken, - @AuthorizationGuard(guardClass = ExperimentSearchCriteriaPredicate.class) ExperimentSearchCriteria experimentSearchCriteria); } diff --git a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/v1/IScreeningApiServer.java b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/v1/IScreeningApiServer.java index fbc7d119675..639b0102ade 100644 --- a/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/v1/IScreeningApiServer.java +++ b/screening/source/java/ch/systemsx/cisd/openbis/plugin/screening/shared/api/v1/IScreeningApiServer.java 
@@ -23,18 +23,6 @@ import org.springframework.transaction.annotation.Transactional; import ch.systemsx.cisd.common.api.IRpcService; import ch.systemsx.cisd.common.api.MinimalMinorVersion; import ch.systemsx.cisd.openbis.generic.shared.api.v1.dto.Sample; -import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.AuthorizationGuard; -import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.ReturnValueFilter; -import ch.systemsx.cisd.openbis.generic.shared.authorization.annotation.RolesAllowed; -import ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.DataSetCodeCollectionPredicate; -import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy; -import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.ExperimentIdentifierPredicate; -import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.PlateIdentifierPredicate; -import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.PlateWellReferenceWithDatasetsValidator; -import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.ScreeningExperimentValidator; -import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.ScreeningPlateListReadOnlyPredicate; -import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.ScreeningPlateValidator; -import ch.systemsx.cisd.openbis.plugin.screening.shared.api.internal.authorization.WellIdentifierPredicate; import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.ExperimentIdentifier; import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.ExperimentImageMetadata; import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.FeatureVectorDatasetReference; 
@@ -71,7 +59,7 @@ public interface IScreeningApiServer extends IRpcService * Service part of the URL to access this service remotely. */ public static final String SERVICE_URL = "/rmi-" + SERVICE_NAME + "-api-v1"; - + public static final String JSON_SERVICE_URL = SERVICE_URL + ".json"; /** @@ -94,22 +82,16 @@ public interface IScreeningApiServer extends IRpcService * hierarchical context (space, project, experiment). */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) - @ReturnValueFilter(validatorClass = ScreeningPlateValidator.class) List<Plate> listPlates(String sessionToken) throws IllegalArgumentException; - /** * Return the list of all plates assigned to the given experiment. * * @since 1.5 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(5) - List<Plate> listPlates( - String sessionToken, - @AuthorizationGuard(guardClass = ExperimentIdentifierPredicate.class) ExperimentIdentifier experiment) + List<Plate> listPlates(String sessionToken, ExperimentIdentifier experiment) throws IllegalArgumentException; /** @@ -119,12 +101,9 @@ public interface IScreeningApiServer extends IRpcService * @since 1.8 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(8) - List<PlateMetadata> getPlateMetadataList( - String sessionToken, - @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates) - throws IllegalArgumentException; + List<PlateMetadata> getPlateMetadataList(String sessionToken, + List<? extends PlateIdentifier> plates) throws IllegalArgumentException; /** * Return the list of all visible experiments, along with their hierarchical context (space, 
@@ -133,8 +112,6 @@ public interface IScreeningApiServer extends IRpcService * @since 1.1 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) - @ReturnValueFilter(validatorClass = ScreeningExperimentValidator.class) @MinimalMinorVersion(1) List<ExperimentIdentifier> listExperiments(String sessionToken); @@ -145,7 +122,6 @@ public interface IScreeningApiServer extends IRpcService * @since 1.6 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.INSTANCE_OBSERVER) @MinimalMinorVersion(6) List<ExperimentIdentifier> listExperiments(String sessionToken, String userId); @@ -154,22 +130,16 @@ public interface IScreeningApiServer extends IRpcService * sets containing feature vectors for each of these plates. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) - List<FeatureVectorDatasetReference> listFeatureVectorDatasets( - String sessionToken, - @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates) - throws IllegalArgumentException; + List<FeatureVectorDatasetReference> listFeatureVectorDatasets(String sessionToken, + List<? extends PlateIdentifier> plates) throws IllegalArgumentException; /** * For a given set of plates provide the list of all data sets containing images for each of * these plates. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) - List<ImageDatasetReference> listImageDatasets( - String sessionToken, - @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates) - throws IllegalArgumentException; + List<ImageDatasetReference> listImageDatasets(String sessionToken, + List<? extends PlateIdentifier> plates) throws IllegalArgumentException; /** * For a given set of plates provide the list of all data sets containing raw images for each of 
@@ -178,12 +148,9 @@ public interface IScreeningApiServer extends IRpcService * @since 1.6 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(6) - List<ImageDatasetReference> listRawImageDatasets( - String sessionToken, - @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates) - throws IllegalArgumentException; + List<ImageDatasetReference> listRawImageDatasets(String sessionToken, + List<? extends PlateIdentifier> plates) throws IllegalArgumentException; /** * For a given set of plates provide the list of all data sets containing segmentation images @@ -192,21 +159,15 @@ public interface IScreeningApiServer extends IRpcService * @since 1.6 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(6) - List<ImageDatasetReference> listSegmentationImageDatasets( - String sessionToken, - @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates) - throws IllegalArgumentException; + List<ImageDatasetReference> listSegmentationImageDatasets(String sessionToken, + List<? extends PlateIdentifier> plates) throws IllegalArgumentException; /** * Converts a given list of dataset codes to dataset identifiers. */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) - List<IDatasetIdentifier> getDatasetIdentifiers( - String sessionToken, - @AuthorizationGuard(guardClass = DataSetCodeCollectionPredicate.class) List<String> datasetCodes); + List<IDatasetIdentifier> getDatasetIdentifiers(String sessionToken, List<String> datasetCodes); /** * For the given <var>experimentIdentifier</var>, find all plate locations that are connected to 
@@ -216,12 +177,10 @@ public interface IScreeningApiServer extends IRpcService * @since 1.1 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(1) - List<PlateWellReferenceWithDatasets> listPlateWells( - String sessionToken, - @AuthorizationGuard(guardClass = ExperimentIdentifierPredicate.class) ExperimentIdentifier experimentIdentifer, - MaterialIdentifier materialIdentifier, boolean findDatasets); + List<PlateWellReferenceWithDatasets> listPlateWells(String sessionToken, + ExperimentIdentifier experimentIdentifer, MaterialIdentifier materialIdentifier, + boolean findDatasets); /** * For the given <var>materialIdentifier</var>, find all plate locations that are connected to @@ -231,8 +190,6 @@ public interface IScreeningApiServer extends IRpcService * @since 1.2 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) - @ReturnValueFilter(validatorClass = PlateWellReferenceWithDatasetsValidator.class) @MinimalMinorVersion(2) List<PlateWellReferenceWithDatasets> listPlateWells(String sessionToken, MaterialIdentifier materialIdentifier, boolean findDatasets); 
@@ -243,35 +200,27 @@ public interface IScreeningApiServer extends IRpcService * @since 1.3 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(3) - public List<WellIdentifier> listPlateWells( - String sessionToken, - @AuthorizationGuard(guardClass = PlateIdentifierPredicate.class) PlateIdentifier plateIdentifier); + public List<WellIdentifier> listPlateWells(String sessionToken, PlateIdentifier plateIdentifier); /** - * For a given <var>wellIdentifier</var>, return the corresponding {@link Sample} including properties. + * For a given <var>wellIdentifier</var>, return the corresponding {@link Sample} including + * properties. * * @since 1.3 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(3) - public Sample getWellSample( - String sessionToken, - @AuthorizationGuard(guardClass = WellIdentifierPredicate.class) WellIdentifier wellIdentifier); - + public Sample getWellSample(String sessionToken, WellIdentifier wellIdentifier); + /** * For a given <var>plateIdentifier</var>, return the corresponding {@link Sample}. * * @since 1.7 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(7) - public Sample getPlateSample( - String sessionToken, - @AuthorizationGuard(guardClass = PlateIdentifierPredicate.class) PlateIdentifier plateIdentifier); + public Sample getPlateSample(String sessionToken, PlateIdentifier plateIdentifier); /** * For a given list of <var>plates</var>, return the mapping of plate wells to materials 
@@ -284,11 +233,9 @@ public interface IScreeningApiServer extends IRpcService * @since 1.2 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(2) - List<PlateWellMaterialMapping> listPlateMaterialMapping( - String sessionToken, - @AuthorizationGuard(guardClass = ScreeningPlateListReadOnlyPredicate.class) List<? extends PlateIdentifier> plates, + List<PlateWellMaterialMapping> listPlateMaterialMapping(String sessionToken, + List<? extends PlateIdentifier> plates, MaterialTypeIdentifier materialTypeIdentifierOrNull); /** @@ -297,10 +244,8 @@ public interface IScreeningApiServer extends IRpcService * @since 1.9 */ @Transactional(readOnly = true) - @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER) @MinimalMinorVersion(1) - ExperimentImageMetadata getExperimentImageMetadata( - String sessionToken, - @AuthorizationGuard(guardClass = ExperimentIdentifierPredicate.class) ExperimentIdentifier experimentIdentifer); + ExperimentImageMetadata getExperimentImageMetadata(String sessionToken, + ExperimentIdentifier experimentIdentifer); } diff --git a/screening/sourceTest/java/ch/systemsx/cisd/openbis/plugin/screening/shared/ServerInterfaceRegressionTest.java b/screening/sourceTest/java/ch/systemsx/cisd/openbis/plugin/screening/server/ServerInterfaceRegressionTest.java similarity index 61% rename from screening/sourceTest/java/ch/systemsx/cisd/openbis/plugin/screening/shared/ServerInterfaceRegressionTest.java rename to screening/sourceTest/java/ch/systemsx/cisd/openbis/plugin/screening/server/ServerInterfaceRegressionTest.java index 1a41070434f..3673400dba0 100644 --- a/screening/sourceTest/java/ch/systemsx/cisd/openbis/plugin/screening/shared/ServerInterfaceRegressionTest.java +++ b/screening/sourceTest/java/ch/systemsx/cisd/openbis/plugin/screening/server/ServerInterfaceRegressionTest.java 
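Review bot: In the last IScreeningApiServer hunk, getExperimentImageMetadata keeps `@MinimalMinorVersion(1)` although its Javadoc says `@since 1.9`. Every other method visible in this file pairs `@since 1.N` with `@MinimalMinorVersion(N)`, so this looks like it should be `@MinimalMinorVersion(9)`. What the annotation enforces is not visible in this diff, so the effect on clients reporting an older minor version should be confirmed. The Javadoc of the method starts outside the hunk.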
@@ -14,11 +14,13 @@ * limitations under the License. */ -package ch.systemsx.cisd.openbis.plugin.screening.shared; +package ch.systemsx.cisd.openbis.plugin.screening.server; import org.testng.annotations.Test; import ch.systemsx.cisd.openbis.generic.shared.RegressionTestCase; +import ch.systemsx.cisd.openbis.plugin.screening.shared.IScreeningServer; +import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.IScreeningApiServer; /** * @author Tomasz Pylak @@ -28,6 +30,13 @@ public class ServerInterfaceRegressionTest extends RegressionTestCase @Test public void testServerAnnotations() { - assertMandatoryMethodAnnotations(IScreeningServer.class); + assertMandatoryMethodAnnotations(IScreeningServer.class, ScreeningServer.class); + } + + @Test + public void testApiServerAnnotations() + { + assertMandatoryMethodAnnotations(IScreeningApiServer.class, ScreeningServer.class, + "tryLoginScreening: RolesAllowed\n" + "logoutScreening: RolesAllowed\n"); } } diff --git a/screening/sourceTest/java/ch/systemsx/cisd/openbis/screening/systemtests/ScreeningServerAuthorizationTest.java b/screening/sourceTest/java/ch/systemsx/cisd/openbis/screening/systemtests/ScreeningServerAuthorizationTest.java new file mode 100644 index 00000000000..d38cb546d10 --- /dev/null +++ b/screening/sourceTest/java/ch/systemsx/cisd/openbis/screening/systemtests/ScreeningServerAuthorizationTest.java 
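Review bot: The exemption string in testApiServerAnnotations names only `RolesAllowed`, which suggests assertMandatoryMethodAnnotations checks that this one annotation is present, not the `@AuthorizationGuard` and `@ReturnValueFilter` annotations the commit also moved. If so, a guard or filter lost on ScreeningServer during the move would still pass, and a role lowered by mistake would too. Methods such as listPlates(sessionToken) and listExperiments(sessionToken) restricted their results only through the return-value filter, so they deserve an explicit check. I would also put a comment above the exemption list, if this is indeed the reason: `// tryLoginScreening and logoutScreening carry no @RolesAllowed: they must work without an established role`. The helper is defined outside this diff, so its exact behaviour needs confirming.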
@@ -0,0 +1,127 @@ +/* + * Copyright 2012 ETH Zuerich, CISD + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package ch.systemsx.cisd.openbis.screening.systemtests; + +import java.util.Collections; +import java.util.List; + +import org.testng.annotations.BeforeMethod; +import org.testng.annotations.Test; + +import ch.systemsx.cisd.common.exceptions.AuthorizationFailureException; +import ch.systemsx.cisd.openbis.generic.server.ICommonServerForInternalUse; +import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Grantee; +import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewMaterial; +import ch.systemsx.cisd.openbis.generic.shared.basic.dto.NewSamplesWithTypes; +import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Person; +import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode; +import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Space; +import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.DatabaseInstanceIdentifier; +import ch.systemsx.cisd.openbis.generic.shared.dto.identifier.SpaceIdentifier; +import ch.systemsx.cisd.openbis.plugin.screening.shared.IScreeningServer; +import ch.systemsx.cisd.openbis.plugin.screening.shared.ResourceNames; +import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.IScreeningApiServer; +import ch.systemsx.cisd.openbis.plugin.screening.shared.api.v1.dto.ExperimentIdentifier; + +/** + * + * + * @author Franz-Josef Elmer + */ +public class 
ScreeningServerAuthorizationTest extends AbstractScreeningSystemTestCase +{ + private static final String TEST_USER = "test-user"; + private static final String SPACE_CODE = "CISD"; + + private ICommonServerForInternalUse commonServer; + private IScreeningServer screeningServer; + private IScreeningApiServer screeningApiServer; + private String userSessionToken; + + @BeforeMethod + public void setUp() + { + commonServer = + (ICommonServerForInternalUse) applicationContext + .getBean(ch.systemsx.cisd.openbis.generic.shared.ResourceNames.COMMON_SERVER); + Object serverBean = applicationContext + .getBean(ResourceNames.SCREENING_PLUGIN_SERVER); + screeningServer = (IScreeningServer) serverBean; + screeningApiServer = (IScreeningApiServer) serverBean; + String sessionToken = commonServer.tryToAuthenticateAsSystem().getSessionToken(); + if (hasSpace(sessionToken, SPACE_CODE) == false) + { + commonServer.registerSpace(sessionToken, SPACE_CODE, null); + } + if (hasPerson(sessionToken, TEST_USER) == false) + { + commonServer.registerPerson(sessionToken, TEST_USER); + Grantee grantee = Grantee.createPerson(TEST_USER); + commonServer.registerSpaceRole(sessionToken, RoleCode.OBSERVER, new SpaceIdentifier( + SPACE_CODE), grantee); + } + userSessionToken = commonServer.tryToAuthenticate(TEST_USER, "abc").getSessionToken(); + } + + private boolean hasSpace(String sessionToken, String spaceCode) + { + List<Space> spaces = + commonServer.listSpaces(sessionToken, DatabaseInstanceIdentifier.HOME_INSTANCE); + for (Space space : spaces) + { + if (space.getCode().equals(spaceCode)) + { + return true; + } + } + return false; + } + + private boolean hasPerson(String sessionToken, String personID) + { + List<Person> persons = commonServer.listPersons(sessionToken); + for (Person person : persons) + { + if (person.getUserId().equals(personID)) + { + return true; + } + } + return false; + } + + @Test(expectedExceptions = AuthorizationFailureException.class) + public void 
testSetSessionUserFailsBecauseOfNonAuthorized() + { + screeningServer.setSessionUser(userSessionToken, "system"); + } + + @Test(expectedExceptions = AuthorizationFailureException.class) + public void testListPlatesFailsBecauseOfAuthorization() + { + screeningApiServer.listPlates(userSessionToken, new ExperimentIdentifier("a", "b", "c", "d")); + } + + @Test(expectedExceptions = AuthorizationFailureException.class) + public void testRegisterLibraryFailsBecauseOfNonAuthorized() + { + screeningServer.registerLibrary(userSessionToken, "", + Collections.<NewMaterial> emptyList(), Collections.<NewMaterial> emptyList(), + Collections.<NewSamplesWithTypes> emptyList()); + } + +} -- GitLab
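Review bot: All three tests in ScreeningServerAuthorizationTest expect `AuthorizationFailureException`, so the suite would also pass if the relocated annotations caused every call to be rejected. I would add a positive control for the same observer, a test without `expectedExceptions` whose body is `screeningApiServer.listPlates(userSessionToken);`. In testListPlatesFailsBecauseOfAuthorization the argument `new ExperimentIdentifier("a", "b", "c", "d")` does not obviously refer to a registered experiment, so the exception may come from a failed lookup inside the guard and not from a missing role. An experiment in a space the user has no role on would make the intent explicit. The class Javadoc is empty apart from `@author`; one sentence such as `* System test verifying that authorization annotations on ScreeningServer are enforced.` would help.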